General
-
Target
53eb768c595f543461eb7a3c7f8adb50132a10ff5dc7332305cf98edc854aa3e
-
Size
432KB
-
Sample
241001-yzs1paydmm
-
MD5
479f9c833381a37ce493853c432a57fa
-
SHA1
3985ff1849ebd9cd7c8122683660f33aa295edda
-
SHA256
53eb768c595f543461eb7a3c7f8adb50132a10ff5dc7332305cf98edc854aa3e
-
SHA512
d34dd2c1a35a017b5c85148ec0b89d5db9d7fbd600f1840b837225b45e04599a1bbb700db4592f47e7405b38e2418061dd18b04ef7c9fd20044fe5e7b0b8237d
-
SSDEEP
12288:kov9YJjrV+pJR6cuXFqaYCL9yKASIAcl3hkWWlyvQ5:B+JHVyR6xXky0KASbcdh6yvQ5
Malware Config
Targets
-
-
Target
53eb768c595f543461eb7a3c7f8adb50132a10ff5dc7332305cf98edc854aa3e
-
Size
432KB
-
MD5
479f9c833381a37ce493853c432a57fa
-
SHA1
3985ff1849ebd9cd7c8122683660f33aa295edda
-
SHA256
53eb768c595f543461eb7a3c7f8adb50132a10ff5dc7332305cf98edc854aa3e
-
SHA512
d34dd2c1a35a017b5c85148ec0b89d5db9d7fbd600f1840b837225b45e04599a1bbb700db4592f47e7405b38e2418061dd18b04ef7c9fd20044fe5e7b0b8237d
-
SSDEEP
12288:kov9YJjrV+pJR6cuXFqaYCL9yKASIAcl3hkWWlyvQ5:B+JHVyR6xXky0KASbcdh6yvQ5
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-